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PRESIDENTIAL POLICY DIRECTIVE/PPD-21 

SUBJECT: Critical Infrastructure Security and Resilience 



The Presidential Policy Directive (PPD) on Critical 
Infrastructure Security and Resilience advances a national unity 
of effort to strengthen and maintain secure, functioning, and 
resilient critical infrastructure. 

Introduction 

The Nation's critical infrastructure provides the essential 
services that underpin American society. Proactive and 
coordinated efforts are necessary to strengthen and maintain 
secure, functioning, and resilient critical infrastructure - 
including assets, networks, and systems - that are vital to 
public confidence and the Nation's safety, prosperity, and well- 
being . 

The Nation's critical infrastructure is diverse and complex. It 
includes distributed networks, varied organizational structures 
and operating models (including multinational ownership) , 
interdependent functions and systems in both the physical space 
and cyberspace, and governance constructs that involve multi- 
level authorities, responsibilities, and regulations. Critical 
infrastructure owners and operators are uniquely positioned to 
manage risks to their individual operations and assets, and to 
determine effective strategies to make them more secure and 
resilient . 

Critical infrastructure must be secure and able to withstand and 
rapidly recover from all hazards. Achieving this will require 
integration with the national preparedness system across 
prevention, protection, mitigation, response, and recovery. 

This directive establishes national policy on critical 
infrastructure security and resilience. This endeavor is a 
shared responsibility among the Federal, state, local, tribal, 
and territorial (SLTT) entities, and public and private owners 
and operators of critical infrastructure (herein referred to as 
"critical infrastructure owners and operators"). This directive 
also refines and clarifies the critical infrastructure-related 
functions, roles, and responsibilities across the Federal 
Government, as well as enhances overall coordination and 
collaboration. The Federal Government also has a responsibility 
to strengthen the security and resilience of its own critical 
infrastructure, for the continuity of national essential 
functions, and to organize itself to partner effectively with 
and add value to the security and resilience efforts of critical 
infrastructure owners and operators. 
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Policy 

It is the policy of the United States to strengthen the security 
and resilience of its critical infrastructure against both 
physical and cyber threats. The Federal Government shall work 
with critical infrastructure owners and operators and SLTT 
entities to take proactive steps to manage risk and strengthen 
the security and resilience of the Nation's critical 
infrastructure, considering all hazards that could have a 
debilitating impact on national security, economic stability, 
public health and safety, or any combination thereof. These 
efforts shall seek to reduce vulnerabilities, minimize 
consequences, identify and disrupt threats, and hasten response 
and recovery efforts related to critical infrastructure. 

The Federal Government shall also engage with international 
partners to strengthen the security and resilience of domestic 
critical infrastructure and critical infrastructure located 
outside of the United States on which the Nation depends. 

U.S. efforts shall address the security and resilience of 
critical infrastructure in an integrated, holistic manner to 
reflect this infrastructure's interconnectedness and 
interdependency . This directive also identifies energy and 
communications systems as uniquely critical due to the enabling 
functions they provide across all critical infrastructure 
sectors . 

Three strategic imperatives shall drive the Federal approach to 
strengthen critical infrastructure security and resilience: 

1) Refine and clarify functional relationships across the Federal 
Government to advance the national unity of effort to 
strengthen critical infrastructure security and resilience; 

2) Enable effective information exchange by identifying baseline 
data and systems requirements for the Federal Government; and 

3) Implement an integration and analysis function to inform 
planning and operations decisions regarding critical 
infrastructure . 

All Federal department and agency heads are responsible for the 
identification, prioritization, assessment, remediation, and 
security of their respective internal critical infrastructure 
that supports primary mission essential functions. Such 
infrastructure shall be addressed in the plans and execution of 
the requirements in the National Continuity Policy. 

Federal departments and agencies shall implement this directive 
in a manner consistent with applicable law, Presidential 
directives, and Federal regulations, including those protecting 
privacy, civil rights, and civil liberties. In addition, 
Federal departments and agencies shall protect all information 
associated with carrying out this directive consistent with 
applicable legal authorities and policies. 

Roles and Responsibilities 

Effective implementation of this directive requires a national 
unity of effort pursuant to strategic guidance from the 
Secretary of Homeland Security. That national effort must 
include expertise and day-to-day engagement from the Sector- 
Specific Agencies (SSAs) as well as the specialized or support 
capabilities from other Federal departments and agencies, and 
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strong collaboration with critical infrastructure owners and 
operators and SLTT entities. Although the roles and 
responsibilities identified in this directive are directed at 
Federal departments and agencies, effective partnerships with 
critical infrastructure owners and operators and SLTT entities 
are imperative to strengthen the security and resilience of the 
Nation's critical infrastructure. 

Secretary of Homeland Security 

The Secretary of Homeland Security shall provide strategic 
guidance, promote a national unity of effort, and coordinate the 
overall Federal effort to promote the security and resilience of 
the Nation's critical infrastructure. In carrying out the 
responsibilities assigned in the Homeland Security Act of 2002, 
as amended, the Secretary of Homeland Security evaluates 
national capabilities, opportunities, and challenges in 
protecting critical infrastructure; analyzes threats to, 
vulnerabilities of, and potential consequences from all hazards 
on critical infrastructure; identifies security and resilience 
functions that are necessary for effective public-private 
engagement with all critical infrastructure sectors; develops a 
national plan and metrics, in coordination with SSAs and other 
critical infrastructure partners; integrates and coordinates 
Federal cross-sector security and resilience activities; 
identifies and analyzes key interdependencies among critical 
infrastructure sectors; and reports on the effectiveness of 
national efforts to strengthen the Nation's security and 
resilience posture for critical infrastructure. 

Additional roles and responsibilities for the Secretary of 
Homeland Security include: 

1) Identify and prioritize critical infrastructure, considering 
physical and cyber threats, vulnerabilities, and consequences, 
in coordination with SSAs and other Federal departments and 
agencies ; 

2) Maintain national critical infrastructure centers that shall 
provide a situational awareness capability that includes 
integrated, actionable information about emerging trends, 
imminent threats, and the status of incidents that may impact 
critical infrastructure; 

3) In coordination with SSAs and other Federal departments and 
agencies, provide analysis, expertise, and other technical 
assistance to critical infrastructure owners and operators and 
facilitate access to and exchange of information and 
intelligence necessary to strengthen the security and 
resilience of critical infrastructure; 

4) Conduct comprehensive assessments of the vulnerabilities of 
the Nation's critical infrastructure in coordination with the 
SSAs and in collaboration with SLTT entities and critical 
infrastructure owners and operators; 

5) Coordinate Federal Government responses to significant cyber 
or physical incidents affecting critical infrastructure 
consistent with statutory authorities; 

6) Support the Attorney General and law enforcement agencies with 
their responsibilities to investigate and prosecute threats to 
and attacks against critical infrastructure; 

7) Coordinate with and utilize the expertise of SSAs and other 
appropriate Federal departments and agencies to map 
geospatially, image, analyze, and sort critical infrastructure 
by employing commercial satellite and airborne systems, as 
well as existing capabilities within other departments and 
agencies; and 
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8) Report annually on the status of national critical 
infrastructure efforts as required by statute. 

Sector-Specific Agencies 

Each critical infrastructure sector has unique characteristics, 
operating models, and risk profiles that benefit from an 
identified Sector-Specific Agency that has institutional 
knowledge and specialized expertise about the sector. 
Recognizing existing statutory or regulatory authorities of 
specific Federal departments and agencies, and leveraging 
existing sector familiarity and relationships, SSAs shall carry 
out the following roles and responsibilities for their 
respective sectors: 

1) As part of the broader national effort to strengthen the 
security and resilience of critical infrastructure, coordinate 
with the Department of Homeland Security (DHS) and other 
relevant Federal departments and agencies and collaborate with 
critical infrastructure owners and operators, where 
appropriate with independent regulatory agencies, and with 
SLTT entities, as appropriate, to implement this directive; 

2) Serve as a day-to-day Federal interface for the dynamic 
prioritization and coordination of sector-specific activities; 

3) Carry out incident management responsibilities consistent with 
statutory authority and other appropriate policies, 
directives, or regulations; 

4) Provide, support, or facilitate technical assistance and 
consultations for that sector to identify vulnerabilities and 
help mitigate incidents, as appropriate; and 

5) Support the Secretary of Homeland Security's statutorily 
required reporting requirements by providing on an annual 
basis sector-specific critical infrastructure information. 

Additional Federal Responsibilities 

The following departments and agencies have specialized or 
support functions related to critical infrastructure security 
and resilience that shall be carried out by, or along with, 
other Federal departments and agencies and independent 
regulatory agencies, as appropriate. 

1) The Department of State, in coordination with DHS, SSAs, and 
other Federal departments and agencies, shall engage foreign 
governments and international organizations to strengthen the 
security and resilience of critical infrastructure located 
outside the United States and to facilitate the overall 
exchange of best practices and lessons learned for promoting 
the security and resilience of critical infrastructure on 
which the Nation depends. 

2) The Department of Justice (DOJ) , including the Federal Bureau 
of Investigation (FBI), shall lead counterterrorism and 
counterintelligence investigations and related law enforcement 
activities across the critical infrastructure sectors. DOJ 
shall investigate, disrupt, prosecute, and otherwise reduce 
foreign intelligence, terrorist, and other threats to, and 
actual or attempted attacks on, or sabotage of, the Nation's 
critical infrastructure. The FBI also conducts domestic 
collection, analysis, and dissemination of cyber threat 
information, and shall be responsible for the operation of the 
National Cyber Investigative Joint Task Force (NCIJTF) . The 
NCIJTF serves as a multi-agency national focal point for 
coordinating, integrating, and sharing pertinent information 
related to cyber threat investigations, with representation 
from DHS, the Intelligence Community (IC), the Department of 
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Defense (DOD) , and other agencies as appropriate. The 
Attorney General and the Secretary of Homeland Security shall 
collaborate to carry out their respective critical 
infrastructure missions. 

3) The Department of the Interior, in collaboration with the 
SSA for the Government Facilities Sector, shall identify, 
prioritize, and coordinate the security and resilience efforts 
for national monuments and icons and incorporate measures to 
reduce risk to these critical assets, while also promoting 
their use and enjoyment. 

4) The Department of Commerce (DOC), in collaboration with DHS 
and other relevant Federal departments and agencies, shall 
engage private sector, research, academic, and government 
organizations to improve security for technology and tools 
related to cyber-based systems, and promote the development of 
other efforts related to critical infrastructure to enable the 
timely availability of industrial products, materials, and 
services to meet homeland security requirements. 

5) The IC, led by the Director of National Intelligence (DNI), 
shall use applicable authorities and coordination mechanisms 
to provide, as appropriate, intelligence assessments regarding 
threats to critical infrastructure and coordinate on 
intelligence and other sensitive or proprietary information 
related to critical infrastructure. In addition, information 
security policies, directives, standards, and guidelines for 
safeguarding national security systems shall be overseen as 
directed by the President, applicable law, and in accordance 
with that direction, carried out under the authority of the 
heads of agencies that operate or exercise authority over such 
national security systems. 

6) The General Services Administration, in consultation with DOD, 
DHS, and other departments and agencies as appropriate, shall 
provide or support government-wide contracts for critical 
infrastructure systems and ensure that such contracts include 
audit rights for the security and resilience of critical 
infrastructure . 

7) The Nuclear Regulatory Commission (NRC) is to oversee its 
licensees' protection of commercial nuclear power reactors and 
non-power nuclear reactors used for research, testing, and 
training; nuclear materials in medical, industrial, and 
academic settings, and facilities that fabricate nuclear fuel; 
and the transportation, storage, and disposal of nuclear 
materials and waste. The NRC is to collaborate, to the extent 
possible, with DHS, DOJ, the Department of Energy, the 
Environmental Protection Agency, and other Federal departments 
and agencies, as appropriate, on strengthening critical 
infrastructure security and resilience. 

8) The Federal Communications Commission, to the extent permitted 
by law, is to exercise its authority and expertise to partner 
with DHS and the Department of State, as well as other Federal 
departments and agencies and SSAs as appropriate, on: 

(1) identifying and prioritizing communications 
infrastructure; (2) identifying communications sector 
vulnerabilities and working with industry and other 
stakeholders to address those vulnerabilities; and (3) working 
with stakeholders, including industry, and engaging foreign 
governments and international organizations to increase the 
security and resilience of critical infrastructure within the 
communications sector and facilitating the development and 
implementation of best practices promoting the security and 
resilience of critical communications infrastructure on which 
the Nation depends. 
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9) Federal departments and agencies shall provide timely 

information to the Secretary of Homeland Security and the 
national critical infrastructure centers necessary to support 
cross-sector analysis and inform the situational awareness 
capability for critical infrastructure. 

Three Strategic Imperatives 

1 ) Refine and Clarify Functional Relationships across the Federal 
Government to Advance the National Unity of Effort to 
Strengthen Critical Infrastructure Security and Resilience 

An effective national effort to strengthen critical 
infrastructure security and resilience must be guided by a 
national plan that identifies roles and responsibilities and is 
informed by the expertise, experience, capabilities, and 
responsibilities of the SSAs, other Federal departments and 
agencies with critical infrastructure roles, SLTT entities, and 
critical infrastructure owners and operators. 

During the past decade, new programs and initiatives have been 
established to address specific infrastructure issues, and 
priorities have shifted and expanded. As a result, Federal 
functions related to critical infrastructure security and 
resilience shall be clarified and refined to establish baseline 
capabilities that will reflect this evolution of knowledge, to 
define relevant Federal program functions, and to facilitate 
collaboration and information exchange between and among the 
Federal Government, critical infrastructure owners and 
operators, and SLTT entities. 

As part of this refined structure, there shall be two national 
critical infrastructure centers operated by DHS - one for 
physical infrastructure and another for cyber infrastructure. 
They shall function in an integrated manner and serve as focal 
points for critical infrastructure partners to obtain 
situational awareness and integrated, actionable information to 
protect the physical and cyber aspects of critical 
infrastructure. Just as the physical and cyber elements of 
critical infrastructure are inextricably linked, so are the 
vulnerabilities. Accordingly, an integration and analysis 
function (further developed in Strategic Imperative 3) shall be 
implemented between these two national centers. 

The success of these national centers, including the integration 
and analysis function, is dependent on the quality and 
timeliness of the information and intelligence they receive from 
the SSAs and other Federal departments and agencies, as well as 
from critical infrastructure owners and operators and SLTT 
entities . 

These national centers shall not impede the ability of the heads 
of Federal departments and agencies to carry out or perform 
their responsibilities for national defense, criminal, 
counterintelligence, counterterrorism, or investigative 
activities . 

2 ) Enable Efficient Information Exchange by Identifying Baseline 
Data and Systems Requirements for the Federal Government 

A secure, functioning, and resilient critical infrastructure 
requires the efficient exchange of information, including 
intelligence, between all levels of governments and critical 
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infrastructure owners and operators. This must facilitate the 
timely exchange of threat and vulnerability information as well 
as information that allows for the development of a situational 
awareness capability during incidents. The goal is to enable 
efficient information exchange through the identification of 
requirements for data and information formats and accessibility, 
system interoperability, and redundant systems and alternate 
capabilities should there be a disruption in the primary 
systems . 



Greater information sharing within the government and with the 
private sector can and must be done while respecting privacy and 
civil liberties. Federal departments and agencies shall ensure 
that all existing privacy principles, policies, and procedures 
are implemented consistent with applicable law and policy and 
shall include senior agency officials for privacy in their 
efforts to govern and oversee information sharing properly. 



3) Implement an Integration and Analysis Function to Inform 
Planning and Operational Decisions Regarding Critical 
Infrastructure 



The third strategic imperative builds on the first two and calls 
for the implementation of an integration and analysis function 
for critical infrastructure that includes operational and 
strategic analysis on incidents, threats, and emerging risks. 
It shall reside at the intersection of the two national centers 
as identified in Strategic Imperative 1, and it shall include 
the capability to collate, assess, and integrate vulnerability 
and consequence information with threat streams and hazard 
information to: 



a. Aid in prioritizing assets and managing risks to critical 
infrastructure ; 

b. Anticipate interdependencies and cascading impacts; 

c. Recommend security and resilience measures for critical 
infrastructure prior to, during, and after an event or 
incident; and 

d. Support incident management and restoration efforts related 
to critical infrastructure. 



This function shall not replicate the analysis function of the 
IC or the National Counterterrorism Center, nor shall it involve 
intelligence collection activities. The IC, DOD, DOJ, DHS, and 
other Federal departments and agencies with relevant 
intelligence or information shall, however, inform this 
integration and analysis capability regarding the Nation's 
critical infrastructure by providing relevant, timely, and 
appropriate information to the national centers. This function 
shall also use information and intelligence provided by other 
critical infrastructure partners, including SLTT and 
nongovernmental analytic entities. 



Finally, this integration and analysis function shall support 
DHS 1 s ability to maintain and share, as a common Federal 
service, a near real-time situational awareness capability for 
critical infrastructure that includes actionable information 
about imminent threats, significant trends, and awareness of 
incidents that may affect critical infrastructure. 



Innovation and Research and Development 
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The Secretary of Homeland Security, in coordination with the 
Office of Science and Technology Policy (OSTP) , the SSAs, DOC, 
and other Federal departments and agencies, shall provide input 
to align those Federal and Federally-funded research and 
development (R&D) activities that seek to strengthen the 
security and resilience of the Nation's critical infrastructure, 
including : 

1) Promoting R&D to enable the secure and resilient design and 
construction of critical infrastructure and more secure 
accompanying cyber technology; 

2) Enhancing modeling capabilities to determine potential impacts 
on critical infrastructure of an incident or threat scenario, 
as well as cascading effects on other sectors; 

3) Facilitating initiatives to incentivize cybersecurity 
investments and the adoption of critical infrastructure design 
features that strengthen all-hazards security and resilience; 
and 

4) Prioritizing efforts to support the strategic guidance issued 
by the Secretary of Homeland Security. 

Implementation of the Directive 

The Secretary of Homeland Security shall take the following 
actions as part of the implementation of this directive. 

1 ) Critical Infrastructure Security and Resilience Functional 
Relationships . Within 120 days of the date of this directive, 
the Secretary of Homeland Security shall develop a description 
of the functional relationships within DHS and across the 
Federal Government related to critical infrastructure security 
and resilience. It should include the roles and functions of 
the two national critical infrastructure centers and a 
discussion of the analysis and integration function. When 
complete, it should serve as a roadmap for critical 
infrastructure owners and operators and SLTT entities to 
navigate the Federal Government's functions and primary points 
of contact assigned to those functions for critical 
infrastructure security and resilience against both physical 
and cyber threats. The Secretary shall coordinate this effort 
with the SSAs and other relevant Federal departments and 
agencies. The Secretary shall provide the description to the 
President through the Assistant to the President for Homeland 
Security and Counterterrorism . 

2 ) Evaluation of the Existing Public-Private Partnership Model . 
Within 150 days of the date of this directive, the Secretary 
of Homeland Security, in coordination with the SSAs, other 
relevant Federal departments and agencies, SLTT entities, and 
critical infrastructure owners and operators, shall conduct an 
analysis of the existing public-private partnership model and 
recommend options for improving the effectiveness of the 
partnership in both the physical and cyber space. The 
evaluation shall consider options to streamline processes for 
collaboration and exchange of information and to minimize 
duplication of effort. Furthermore, the analysis shall 
consider how the model can be flexible and adaptable to meet 
the unique needs of individual sectors while providing a 
focused, disciplined, and effective approach for the Federal 
Government to coordinate with the critical infrastructure 
owners and operators and with SLTT governments. The 
evaluation shall result in recommendations to enhance 
partnerships to be approved for implementation through the 
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processes established in the Organization of the National 
Security Council System directive. 

Identification of Baseline Data and Systems Requirements for 
the Federal Government to Enable Efficient Information 
Exchange . Within 180 days of the date of this directive, the 
Secretary of Homeland Security, in coordination with the SSAs 
and other Federal departments and agencies, shall convene a 
team of experts to identify baseline data and systems 
requirements to enable the efficient exchange of information 
and intelligence relevant to strengthening the security and 
resilience of critical infrastructure. The experts should 
include representatives from those entities that routinely 
possess information important to critical infrastructure 
security and resilience; those that determine and manage 
information technology systems used to exchange information; 
and those responsible for the security of information being 
exchanged. Interoperability with critical infrastructure 
partners; identification of key data and the information 
requirements of key Federal, SLTT, and private sector 
entities; availability, accessibility, and formats of data; 
the ability to exchange various classifications of 
information; and the security of those systems to be used; and 
appropriate protections for individual privacy and civil 
liberties should be included in the analysis. The analysis 
should result in baseline requirements for sharing of data and 
interoperability of systems to enable the timely exchange of 
data and information to secure critical infrastructure and 
make it more resilient. The Secretary shall provide that 
analysis to the President through the Assistant to the 
President for Homeland Security and Counterterrorism. 



4 ) Development of a Situational Awareness Capability for Critical 
Infrastructure . Within 240 days of the date of this 
directive, the Secretary of Homeland Security shall 
demonstrate a near real-time situational awareness capability 
for critical infrastructure that includes threat streams and 
all-hazards information as well as vulnerabilities; provides 
the status of critical infrastructure and potential cascading 
effects; supports decision making; and disseminates critical 
information that may be needed to save or sustain lives, 
mitigate damage, or reduce further degradation of a critical 
infrastructure capability throughout an incident. This 
capability should be available for and cover physical and 
cyber elements of critical infrastructure, and enable an 
integration of information as necessitated by the incident. 



5) Update to National Infrastructure Protection Plan . Within 
240 days of the date of this directive, the Secretary of 
Homeland Security shall provide to the President, through 
the Assistant to the President for Homeland Security and 
Counterterrorism, a successor to the National Infrastructure 
Protection Plan to address the implementation of this 
directive, the requirements of Title II of the Homeland 
Security Act of 2002 as amended, and alignment with the 
National Preparedness Goal and System required by PPD-8. The 
plan shall include the identification of a risk management 
framework to be used to strengthen the security and resilience 
of critical infrastructure; the methods to be used to 
prioritize critical infrastructure; the protocols to be used 
to synchronize communication and actions within the Federal 
Government; and a metrics and analysis process to be used to 
measure the Nation's ability to manage and reduce risks to 
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critical infrastructure. The updated plan shall also reflect 
the identified functional relationships within DHS and across 
the Federal Government and the updates to the public-private 
partnership model. Finally, the plan should consider sector 
dependencies on energy and communications systems, and 
identify pre-event and mitigation measures or alternate 
capabilities during disruptions to those systems. The 
Secretary shall coordinate this effort with the SSAs, other 
relevant Federal departments and agencies, SLTT entities, and 
critical infrastructure owners and operators. 



6) National Critical Infrastructure Security and Resilience R&D 
Plan . Within 2 years of the date of this directive, the 
Secretary of Homeland Security, in coordination with the OSTP, 
the SSAs, DOC, and other Federal departments and agencies, 
shall provide to the President, through the Assistant to the 
President for Homeland Security and Counterterrorism, a 
National Critical Infrastructure Security and Resilience R&D 
Plan that takes into account the evolving threat landscape, 
annual metrics, and other relevant information to identify 
priorities and guide R&D reguirements and investments. The 
plan should be issued every 4 years after its initial 
delivery, with interim updates as needed. 



Policy coordination, dispute resolution, and periodic in- 
progress reviews for the implementation of this directive shall 
be carried out consistent with PPD-1, including the use of 
Interagency Policy Committees coordinated by the National 
Security Staff. 



Nothing in this directive alters, supersedes, or impedes the 
authorities of Federal departments and agencies, including 
independent regulatory agencies, to carry out their functions 
and duties consistent with applicable legal authorities and 
other Presidential guidance and directives, including, but not 
limited to, the designation of critical infrastructure under 
such authorities. 



This directive revokes Homeland Security Presidential 
Directive/HSPD-7 , Critical Infrastructure Identification, 
Prioritization, and Protection, issued December 17, 2003. Plans 
developed pursuant to HSPD-7 shall remain in effect until 
specifically revoked or superseded. 



Designated Critical Infrastructure Sectors and Sector-Specific 
Agencies 

This directive identifies 16 critical infrastructure sectors and 
designates associated Federal SSAs. In some cases co-SSAs are 
designated where those departments share the roles and 
responsibilities of the SSA. The Secretary of Homeland Security 
shall periodically evaluate the need for and approve changes to 
critical infrastructure sectors and shall consult with the 
Assistant to the President for Homeland Security and 
Counterterrorism before changing a critical infrastructure 
sector or a designated SSA for that sector. The sectors and 
SSAs are as follows: 



Chemical : 

Sector-Specific Agency: Department of Homeland Security 
Commercial Facilities : 

Sector-Specific Agency: Department of Homeland Security 
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Communications : 

Sector-Specific Agency: Department of Homeland Security 
Critical Manufacturing : 

Sector-Specific Agency: Department of Homeland Security 
Dams : 

Sector-Specific Agency: Department of Homeland Security 
Defense Industrial Base: 

Sector-Specific Agency: Department of Defense 
Emergency Services : 

Sector-Specific Agency: Department of Homeland Security 
Energy : 

Sector-Specific Agency: Department of Energy 
Financial Services : 

Sector-Specific Agency: Department of the Treasury 
Food and Agriculture : 

Co-Sector-Specific Agencies: U.S. Department of 
Agriculture and Department of Health and Human Services 

Government Facilities : 

Co-Sector-Specific Agencies: Department of Homeland 
Security and General Services Administration 

Healthcare and Public Health: 



Sector-Specific Agency: Department of Health and Human 
Services 

Information Technology : 

Sector-Specific Agency: Department of Homeland Security 
Nuclear Reactors, Materials, and Waste : 

Sector-Specific Agency: Department of Homeland Security 
Transportation Systems : 

Co-Sector-Specific Agencies: Department of Homeland 
Security and Department of Transportation 

Water and Wastewater Systems : 

Sector-Specific Agency: Environmental Protection Agency 



Definitions 

For purposes of this directive: 

The term "all hazards" means a threat or an incident, natural or 
manmade, that warrants action to protect life, property, the 
environment, and public health or safety, and to minimize 
disruptions of government, social, or economic activities. It 
includes natural disasters, cyber incidents, industrial 
accidents, pandemics, acts of terrorism, sabotage, and 
destructive criminal activity targeting critical infrastructure. 

The term "collaboration" means the process of working together 
to achieve shared goals. 
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The terms "coordinate" and "in coordination with" mean a 
consensus decision-making process in which the named 
coordinating department or agency is responsible for working 
with the affected departments and agencies to achieve consensus 
and a consistent course of action. 

The term "critical infrastructure" has the meaning provided in 
section 1016(e) of the USA Patriot Act of 2001 (42 U.S.C. 
5195c (e) ) , namely systems and assets, whether physical or 
virtual, so vital to the United States that the incapacity or 
destruction of such systems and assets would have a debilitating 
impact on security, national economic security, national public 
health or safety, or any combination of those matters. 

The term "Federal departments and agencies" means any authority 
of the United States that is an "agency" under 44 U.S.C. 
3502(1), other than those considered to be independent 
regulatory agencies, as defined in 44 U.S.C. 3502(5). 

The term "national essential functions" means that subset of 
Government functions that are necessary to lead and sustain the 
Nation during a catastrophic emergency. 

The term "primary mission essential functions" means those 
Government functions that must be performed in order to support 
or implement the performance of the national essential functions 
before, during, and in the aftermath of an emergency. 

The term "national security systems" has the meaning given to it 
in the Federal Information Security Management Act of 2002 
(44 U.S.C. 3542 (b) ) . 

The term "resilience" means the ability to prepare for and adapt 
to changing conditions and withstand and recover rapidly from 
disruptions. Resilience includes the ability to withstand and 
recover from deliberate attacks, accidents, or naturally 
occurring threats or incidents. 

The term "Sector-Specific Agency" (SSA) means the Federal 
department or agency designated under this directive to be 
responsible for providing institutional knowledge and 
specialized expertise as well as leading, facilitating, or 
supporting the security and resilience programs and associated 
activities of its designated critical infrastructure sector in 
the all-hazards environment. 

The terms "secure" and "security" refer to reducing the risk to 
critical infrastructure by physical means or defense cyber 
measures to intrusions, attacks, or the effects of natural or 
manmade disasters. 
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